Abstract


This publication presents an architecture for using diagnostic reasoning 
techniques in selective monitoring. Given the sensor readings and a model 
of the physical system, a number of assertions are generated and expressed 
as Boolean equations. The resulting system of Boolean equations is solved 
symbolically. Using a priori probabilities of component failure and Bayes 
rule, revised probabilities of failure can be computed. These will indicate 
what components have failed or are the most likely to have failed. This 
approach is suitable for systems that are well understood and for which 
the correctness of the assertions can be guaranteed. Also, the system must
be such that assertions can be made from instantaneous measurements,
and changes must be slow enough to allow the computation.
1 Introduction


Complex physical systems can be difficult to monitor because the number 
of sensor signals may exceed the human operators’ ability to handle them. 

One solution to managing overwhelming amounts of sensory information 
is the use of computer aids that preprocess the incoming data and direct the 
operators’ attention to the most critical parts of the physical system at any 
given time. Causal reasoning [10] and information quantification [11] are 
examples of techniques that lead to computer aids to selective monitoring. 

Diagnostic reasoning techniques can also be used to preprocess the sen- 
sor data and detect which parts of the physical system require more atten- 
tion because components have failed or are most likely to have failed. 

This publication presents an architecture for using diagnostic reasoning 
techniques in selective monitoring. The diagnosis process starts with the 
generation of as many assertions as possible, given the sensory informa- 
tion. These assertions are expressed as Boolean equations and are com- 
bined, symbolically, into a simplified disjoint sum form. Using a priori 
probabilities of failure for each component and Bayes’ rule, revised proba- 
bilities of failure are computed. These are then used to focus the operators’ 
attention on those components known to have failed or which are most 
likely to have failed. This method is robust in the sense that even when 
a priori probabilities are not accurate, if there is enough evidence showing 
that a component has or has not failed, the value computed for the revised 
probability of failure will be 1 or 0, respectively. It has the advantage of 
decoupling diagnostic reasoning into the generation of assertions and inference.
The latter can be seen as solving a set of Boolean equations, for
which the well-developed machinery of Boolean algebra can be used. This
method is suitable for physical systems that are well understood and for 
which accurate models exist. 

The Boolean representation is only used for the inference. The gener- 
ation of assertions still requires more powerful tools which can be either 
reason maintenance systems or domain-dependent methods. The latter 
seems to be more effective in domains that are well understood and for 
which good theories exist. 
2 Approach


Consider a physical system E made up of C interconnected components,
$c_1, c_2, \ldots, c_C$.

Figure 1 shows the diagnosis module of the selective monitoring system. 
The inputs include the sensor readings, a model of E, and the (a priori) 
probabilities of component failures. The output is the set of revised prob- 
abilities of component failure given the evidence that can be deduced from 
the sensor readings. 

Let $d_i$ be a logical variable that indicates the status of component $c_i$. It is
true (T) if $c_i$ is faulty and false (F) otherwise. In this analysis, a component
is considered faulty if and only if it exhibits anomalous behavior. From the 
point of view of monitoring what is important is whether or not the physical 
system is working properly at any given time. 

Let N be the number of sensors in E and $s_1, s_2, \ldots, s_N$ their values at a
given time.

An analysis of the sensor values, using a model of E, allows I assertions 
about the status of the components to be made. The method of analysis 
may be different from one domain to another. It is assumed that all asser- 
tions are correct. Although it is not necessary that the set of assertions be 
complete, that is that all correct assertions be made, the more assertions 
the better the conclusions that will be drawn. 

Regardless of which method is used for the analysis, each assertion can
be expressed as a Boolean equation $f_i(d_1, d_2, \ldots, d_C) = T$. Therefore, the
set of all assertions is a system of Boolean equations. The conjunction of
all equations must also be satisfied, that is

$$\prod_{i=1}^{I} f_i(d_1, d_2, \ldots, d_C) = T \qquad (1)$$

where the product is the logical operation AND (footnote 1). Equation 1 can be
rewritten in disjunctive normal form [12] as

$$\sum_{j=0}^{2^C-1} \left[ \left( \prod_{k=0}^{C-1} \gamma_{jk} \right) \cdot e_j \right] = T \qquad (K)$$

where

$$\gamma_{jk} = \begin{cases} d_{k+1} & \text{if } b_{jk} = 1 \\ \overline{d_{k+1}} & \text{if } b_{jk} = 0 \end{cases}$$

with $(b_{j(C-1)} \, b_{j(C-2)} \cdots b_{j0})_2$ being the binary representation of j. As in
equation 1, a product is the logical operation AND; a sum is the logical
operation OR. The logical variable $e_j$ is either T or F depending on whether
or not the conjunction $\prod_{k=0}^{C-1} \gamma_{jk}$ appears in the disjunctive normal form of
equation 1.

Equation K summarizes what has been asserted about E given the sensor
readings and the system model, and using the available analysis tools.
Equation K can be represented by the integer $\Theta$ whose binary representation
is $(\theta_{2^C-1} \, \theta_{2^C-2} \cdots \theta_0)_2$, where

$$\theta_j = \begin{cases} 0 & \text{if } e_j = F \\ 1 & \text{if } e_j = T \end{cases} \qquad (2)$$

1 In this publication, products and sums are used as both arithmetic and logical
operations. It will be clear from context which is which.



Let $p(c_i)$ be the (a priori) probability of failure for component $c_i$. It
is assumed that $p(c_1), p(c_2), \ldots, p(c_C)$ are independent. Let $p(c_i|K)$ be the
conditional probability of failure for $c_i$ given that equation K is satisfied.
From Bayes’ rule:

$$p(c_i|K) = \frac{p(K|c_i) \cdot p(c_i)}{p(K)} \qquad (3)$$

where $p(K|c_i)$ is the conditional probability that equation K is satisfied
given the failure of $c_i$, and $p(K)$ is the (a priori) probability that equation
K is satisfied.


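Since it was assumed that $p(c_1), p(c_2), \ldots, p(c_C)$ are independent, it is
straightforward to compute the (a priori) probability that equation K is
satisfied:

$$p(K) = \sum_{j=0}^{2^C-1} \left[ \left( \prod_{k=0}^{C-1} p_{jk} \right) \cdot \theta_j \right] \qquad (4)$$

where

$$p_{jk} = \begin{cases} p(c_{k+1}) & \text{if } b_{jk} = 1 \text{ (i.e., if } \gamma_{jk} = d_{k+1}\text{)} \\ 1 - p(c_{k+1}) & \text{if } b_{jk} = 0 \text{ (i.e., if } \gamma_{jk} = \overline{d_{k+1}}\text{)} \end{cases} \qquad (5)$$

with $(b_{j(C-1)} \, b_{j(C-2)} \cdots b_{j0})_2$ being the binary representation of j, and $\theta_j$
being as defined in equation 2.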

Similarly, it is straightforward to compute the conditional probability
that equation K is satisfied given the failure of component $c_i$:

$$p(K|c_i) = \sum_{j \in \mathcal{C}_i} \left[ \left( \prod_{\substack{k=0 \\ k \neq i}}^{C-1} p_{jk} \right) \cdot \theta_j \right] \qquad (6)$$

where $\mathcal{C}_i = \{ j \mid [b_{ji} = 1] \}$, $(b_{j(C-1)} \, b_{j(C-2)} \cdots b_{j0})_2$ is the binary representation
of j, $p_{jk}$ is defined in equation 5, and $\theta_j$ is defined in equation 2.

With the probabilities $p(c_i)$, $p(K)$, and $p(K|c_i)$, it is possible to compute
$p(c_i|K)$ (the conditional probability of failure for $c_i$ given that equation K
is satisfied) by using equation 3.


3 Implementation issues 

The approach outlined in the previous section requires the a priori prob- 
abilities of failure for each component. These can be obtained from the 
manufacturers or from previous experience [17]. It should be noted that 
the approach is robust in the sense that even when the a priori probabilities 
are not accurate, if equation K contains enough evidence to conclude that 
component $c_i$ has failed, the value computed for $p(c_i|K)$ will be 1.

In practice, the computation of equations 4 and 6 need not be carried
out going over all the $2^C$ terms of the summation. Only the terms for
which $\theta_j$ is 1 will be added. A table computed off-line can store for each
$\Theta$ a list of the terms that should be added. Furthermore, the products in
equations 4 and 6 can be computed in parallel.
Further gains in computational efficiency are possible if equation 1 is
written in simplified disjoint sum form [2,13], instead of disjunctive normal
form, that is (footnote 2)

$$\sum_{j=0}^{D} g_j(d_1, d_2, \ldots, d_C) = T \qquad (K')$$

where $g_j(d_1, d_2, \ldots, d_C)$ is a conjunction of (not necessarily all) the logical
variables $d_1, d_2, \ldots, d_C$, some of which may be negated, and

$$a \neq b \Rightarrow g_a(d_1, d_2, \ldots, d_C) \cdot g_b(d_1, d_2, \ldots, d_C) = F.$$

Equation K' is a disjunction of D + 1 conjunctions. Equations K and K' are
equivalent, but in most cases the latter includes fewer (i.e., $D + 1 < 2^C$) and
shorter terms. Equation K' can be computed by symbolic manipulation of
equation 1.

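As in equation 4, it is straightforward to compute the (a priori) probability
that equation K' is satisfied:

$$p(K') = \sum_{j=0}^{D} \prod_{k \in \mathcal{K}'_j} p'_{jk} \qquad (7)$$

where $\mathcal{K}'_j = \{ k \mid d_k \text{ or } \overline{d_k} \text{ is in } g_j \}$, and

$$p'_{jk} = \begin{cases} p(c_{k+1}) & \text{if } d_{k+1} \text{ is in } g_j \\ 1 - p(c_{k+1}) & \text{if } \overline{d_{k+1}} \text{ is in } g_j \end{cases} \qquad (8)$$

Similarly, as in equation 6, it is straightforward to compute the conditional
probability that equation K' is satisfied given the failure of component
$c_i$:

$$p(K'|c_i) = \sum_{j \in \mathcal{J}_i} \prod_{k \in \mathcal{K}'_j} p'_{jk} \qquad (9)$$

where $\mathcal{J}_i = \{ j \mid [0 \le j \le D] \wedge [\overline{d_i} \text{ is not in } g_j] \}$. $\mathcal{K}'_j$ and $p'_{jk}$ are the same as
defined above.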

2 Unlike the disjunctive normal form, the disjoint sum forms are not unique. The same 
logical function can have more than one disjoint sum form. 
Figure 2: A digital circuit example


As before, with the probabilities $p(c_i)$, $p(K')$, and $p(K'|c_i)$, it is possible
to compute $p(c_i|K')$ (the conditional probability of failure for $c_i$ given that
equation K' is satisfied) by using equation 3. If equation K' contains enough
evidence to conclude that component $c_i$ has failed, the value computed for
$p(c_i|K')$ will be 1.


4 Digital circuit example 

Figure 2 shows one digital circuit that has been used in previous work on 
automatic diagnosis [4,6]. It has five inputs and two outputs. The circuit’s 
inputs are connected to the inputs of three multipliers. The outputs of the 
multipliers are connected to the inputs of two adders. The outputs of the 
two adders are the circuit’s outputs. 

Suppose that the circuit is being monitored and that sensors have been 
placed at the five inputs and at the two outputs. 

Let $m_1, m_2, m_3, a_1, a_2$ be the logical variables that indicate the status of
components M1, M2, M3, A1, A2, respectively. For a full correspondence
with the notation used in the previous sections let $d_1 = m_1$, $d_2 = m_2$,
$d_3 = m_3$, $d_4 = a_1$, $d_5 = a_2$.

Upon measuring A = 3, B = 2, C = 2, D = 3, E = 3, F = 10, and
G = 12, the following assertions can be made (footnote 3):

$$m_1 + m_2 + a_1 = T \qquad (10)$$

which says that M1 is faulty or (footnote 4) M2 is faulty or A1 is faulty,

$$m_1 + m_3 + a_1 + a_2 = T \qquad (11)$$

which says that M1 is faulty or M3 is faulty or A1 is faulty or A2 is faulty,
and

$$\overline{m_2} \cdot \overline{m_3} \cdot \overline{a_2} + m_2 \cdot m_3 + m_2 \cdot a_2 + m_3 \cdot a_2 = T \qquad (12)$$

which says that there cannot be only one of M2, M3, A2 failing; or, equivalently,
either M2, M3, and A2 are not faulty, or at least two of them are
faulty. It should be noted that this last assertion was not made in previous
work [8], because it is domain-dependent, and also because in previous
work if a component does not exhibit anomalous behavior nothing can be
asserted (footnote 5).

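The three assertions 10 to 12 can be combined, yielding

$$(m_1 + m_2 + a_1) \cdot (m_1 + m_3 + a_1 + a_2) \cdot (\overline{m_2} \cdot \overline{m_3} \cdot \overline{a_2} + m_2 \cdot m_3 + m_2 \cdot a_2 + m_3 \cdot a_2) = T$$

whose disjoint sum form is

$$\begin{aligned}
& m_2 \cdot a_2 + m_1 \cdot \overline{m_2} \cdot \overline{m_3} \cdot \overline{a_1} \cdot \overline{a_2} \\
& + m_2 \cdot m_3 \cdot \overline{a_2} + m_1 \cdot \overline{m_2} \cdot m_3 \cdot \overline{a_1} \cdot a_2 \\
& + \overline{m_2} \cdot m_3 \cdot a_1 \cdot a_2 + \overline{m_2} \cdot \overline{m_3} \cdot a_1 \cdot \overline{a_2} = T
\end{aligned} \qquad (13)$$

Assuming that the (a priori) probabilities of failure for all components,
$p(m_1)$, $p(m_2)$, $p(m_3)$, $p(a_1)$, and $p(a_2)$ are equal to 0.01, the a priori
probability that equation 13 is satisfied (see equation 7) is:

$$p(13) = 0.01^2 + 0.01 \cdot 0.99^4 + 0.01^2 \cdot 0.99 + 0.01^3 \cdot 0.99^2 + 0.01^3 \cdot 0.99 + 0.01 \cdot 0.99^3$$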

3 See appendix A for how these assertions can be generated automatically. 

4 The or is inclusive. 

5 As mentioned in section 2, in the approach presented in this publication, if a compo- 
nent does not exhibit anomalous behavior, it is assumed to be not faulty. 
The conditional probability that equation 13 is satisfied given the failure
of M1 (see equation 9) is:

$$p(13|m_1) = 0.01^2 + 0.99^4 + 0.01^2 \cdot 0.99 + 0.01^2 \cdot 0.99^2 + 0.01^3 \cdot 0.99 + 0.01 \cdot 0.99^3$$

The conditional probability of failure for M1 given that equation 13 is
satisfied can be computed from Bayes’ rule (see equation 3):

$$p(m_1|13) = \frac{p(13|m_1) \cdot p(m_1)}{p(13)} = 0.497$$

Similarly, the conditional probabilities of failure for the other components,
given that equation 13 is satisfied, are:

$$p(m_2|13) = 0.010 \qquad p(m_3|13) = 0.005$$

$$p(a_1|13) = 0.497 \qquad p(a_2|13) = 0.005$$

The above revised probabilities tell the operator to focus on components
M1 and A1 which are most likely to have failed.

Of course if more sensors are available, a better assessment of the probabilities
of component failure is obtained. Suppose there is an additional
sensor at X. Upon measuring X = 6, three additional assertions can be
made (footnote 6):

$$\overline{m_1} = T \qquad (14)$$

which says that M1 is not faulty,

$$m_2 + a_1 = T \qquad (15)$$

which says that A1 is faulty or M2 is faulty, and

$$m_3 + a_1 + a_2 = T \qquad (16)$$

which says that A1 is faulty or A2 is faulty or M3 is faulty.

6 See appendix A for how these assertions can be generated automatically. 
The conjunction of the six assertions, (10) to (12) and (14) to (16), in
disjoint sum form, is

$$\begin{aligned}
& \overline{m_1} \cdot m_2 \cdot a_2 + \overline{m_1} \cdot \overline{m_2} \cdot \overline{m_3} \cdot a_1 \cdot \overline{a_2} \\
& + \overline{m_1} \cdot \overline{m_2} \cdot m_3 \cdot a_1 \cdot a_2 + \overline{m_1} \cdot m_2 \cdot m_3 \cdot \overline{a_2} = T
\end{aligned} \qquad (17)$$

The a priori probability that equation 17 is satisfied (see equation 7) is:

$$p(17) = 0.01^2 \cdot 0.99 + 0.01 \cdot 0.99^4 + 0.01^3 \cdot 0.99^2 + 0.01^2 \cdot 0.99^2$$

As before, the conditional probabilities that equation 17 is satisfied
given the failure of each component can be computed by using equation
9. And the conditional probability of failure for each device, given that
equation 17 is satisfied, can be computed by using Bayes’ rule (equation
3). The results are:

$$p(m_1|17) = 0$$

$$p(m_2|17) = 0.020 \qquad p(m_3|17) = 0.010$$

$$p(a_1|17) = 0.980 \qquad p(a_2|17) = 0.010$$

The above revised probabilities tell the operator to focus on component
A1 which is very likely to have failed. They also tell the operator not to
worry about component M1 which is known not to have failed.

If there is yet an additional sensor at Y indicating Y = 4, three additional
assertions can be made (footnote 7):

$$m_2 = T \qquad (18)$$

which says that M2 is faulty,

$$\overline{a_1} = T \qquad (19)$$

which says that A1 is not faulty, and

$$m_3 + a_2 = T \qquad (20)$$

which says that M3 is faulty or A2 is faulty.

7 See appendix A for how these assertions can be generated automatically. 
The conjunction of the nine assertions, (10) to (12), (14) to (16), and
(18) to (20), in disjoint sum form, is

$$\overline{m_1} \cdot m_2 \cdot \overline{a_1} \cdot a_2 + \overline{m_1} \cdot m_2 \cdot m_3 \cdot \overline{a_1} \cdot \overline{a_2} = T \qquad (21)$$

The a priori probability that equation 21 is satisfied (see equation 7) is:

$$p(21) = 0.01^2 \cdot 0.99^2 + 0.01^2 \cdot 0.99^3$$

As before, the conditional probabilities that equation 21 is satisfied
given the failure of each component can be computed using equation 9. And
the conditional probability of failure for each device, given that equation
21 is satisfied, can be computed by using Bayes’ rule (equation 3). The
results are:

$$p(m_1|21) = 0$$

$$p(m_2|21) = 1 \qquad p(m_3|21) = 0.503$$

$$p(a_1|21) = 0 \qquad p(a_2|21) = 0.503$$

The above revised probabilities tell the operator to focus on component
M2 which is known to have failed, and on components M3 and A2 which
are likely to have failed. They also tell the operator not to worry about
components M1 and A1 which are known not to have failed.

Of course if there is a sensor at Z, a complete diagnosis can be made. 

This example shows the strengths and weaknesses of the proposed ap- 
proach. The nine measurements indicate that M2 failed, and that M3 or 
A2 (or both) failed. Furthermore the failure of M2 is compensated by the 
failures of M3 or A2 (or both). This is a very unlikely situation. Assuming 
that there are 16 possible outputs for each component and that all failing 
modes are equally likely, the probability of this situation is 

2 • 0.99 3 • 0.01 ■ ^ + 0.99 2 • 0.01 2 • ^ = 1.3 x 1(T 5 
15 15 

which is three orders of magnitude smaller than the probability that only
component A1 has failed ($0.99^4 \cdot 0.01 = 0.96 \times 10^{-2}$). With only seven
measurements, the approach would not help the operator in this unlikely 

situation. In other words, the approach is good for the more likely failures. 

The approach does not help when the very unlikely fault situations occur. 
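
The revised probabilities of this section can be reproduced with a short program. The following is an added example, not code from the publication: it enumerates the minterms of equation K (those with $\theta_j = 1$) and applies equations 4, 6 and 3 directly instead of building the disjoint sum form. All function and variable names are assumptions chosen for illustration.

```python
from itertools import product

# Illustrative names (not from the paper). Order matches d_1 .. d_5 of section 4.
COMPONENTS = ("m1", "m2", "m3", "a1", "a2")

def not_exactly_one(*status):
    """Agreement assertion: it cannot be that exactly one listed component failed."""
    return sum(status) != 1

# Assertions of section 4 as predicates over a status dict (True = faulty).
SEVEN_SENSORS = [
    lambda d: d["m1"] or d["m2"] or d["a1"],                # (10)
    lambda d: d["m1"] or d["m3"] or d["a1"] or d["a2"],     # (11)
    lambda d: not_exactly_one(d["m2"], d["m3"], d["a2"]),   # (12)
]
WITH_X = SEVEN_SENSORS + [
    lambda d: not d["m1"],                                  # (14)
    lambda d: d["m2"] or d["a1"],                           # (15)
    lambda d: d["m3"] or d["a1"] or d["a2"],                # (16)
]
WITH_X_Y = WITH_X + [
    lambda d: d["m2"],                                      # (18)
    lambda d: not d["a1"],                                  # (19)
    lambda d: d["m3"] or d["a2"],                           # (20)
]

def minterms(assertions):
    """Yield every status assignment for which all assertions hold (theta_j = 1)."""
    for bits in product((False, True), repeat=len(COMPONENTS)):
        d = dict(zip(COMPONENTS, bits))
        if all(f(d) for f in assertions):
            yield d

def term_probability(d, prior, skip=None):
    """Product of p_jk over the components; 'skip' omits one factor (equation 6)."""
    p = 1.0
    for c in COMPONENTS:
        if c != skip:
            p *= prior[c] if d[c] else 1.0 - prior[c]
    return p

def revised_probabilities(assertions, prior):
    """Return p(c_i | K) for every component, given a priori failure probabilities."""
    satisfied = list(minterms(assertions))
    p_k = sum(term_probability(d, prior) for d in satisfied)          # equation 4
    if p_k == 0.0:
        raise ValueError("the assertions cannot be satisfied under these priors")
    revised = {}
    for c in COMPONENTS:
        p_k_given_c = sum(term_probability(d, prior, skip=c)
                          for d in satisfied if d[c])                 # equation 6
        revised[c] = p_k_given_c * prior[c] / p_k                     # equation 3
    return revised

if __name__ == "__main__":
    prior = {c: 0.01 for c in COMPONENTS}   # a priori values used in section 4
    stages = (("7 sensors", SEVEN_SENSORS), ("plus X", WITH_X), ("plus X, Y", WITH_X_Y))
    for label, assertions in stages:
        post = revised_probabilities(assertions, prior)
        print(label, {c: round(p, 3) for c, p in post.items()})
```

Changing the entries of `prior` shows the robustness property: with all nine assertions the revised probability for M2 stays at 1 and for M1 and A1 at 0, whatever a priori values are used.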
5 Discussion


Previous approaches used reason maintenance systems for diagnosis. The 
approach presented in this publication divides the diagnosis task into two 
subtasks: the generation of assertions and inference. Moreover, previous 
approaches used probabilistic analysis to assess the likelihoods of each di- 
agnosis (i.e., each solution to the system of Boolean equations K ). In this 
publication, the probabilistic analysis is used to assess the likelihoods of
failure for each component. This section addresses these issues. 


5.1 Generation of assertions 

For the first task, the generation of assertions, two kinds of tools can be 
used: reason maintenance systems or domain-dependent analysis tools. The 
latter generates the assertions directly while the former searches. For example,
for electric circuits, the direct methods include those based on nodal
analysis, loop analysis, etc. But the same assertions that are obtained
by using those methods can also be generated by writing Kirchhoff’s laws,
device laws, and a description of the circuit in PROLOG.

The choice of what tool is more effective depends on the specifics of the 
applications. For systems such as electric circuits, that are well understood 
and for which accurate models exist, domain-dependent methods seem to 
be more efficient. Another advantage of domain-dependent methods is their 
ability to make assertions not only when there is a difference between pre- 
diction and observation, but also when there is an agreement. Furthermore, 
typically more assertions can be made with domain-dependent methods 
than with domain-independent methods. Equation 12 is an example of an 
assertion that would not be made by domain-independent methods. 

It should be noted that reason maintenance systems are not 100% do- 
main independent. The module that predicts values (in order to compare 
with measurements) is domain dependent. Furthermore, it seems that the 
inference strategy of those systems can be extended to incorporate domain-dependent
rules such as “if the measurement agrees with the prediction, there
cannot be only one component failing” for the adder/multiplier domain. But
writing such rules in a general-purpose formalism may be somewhat complex.
The “consistent belief rule” and the “nogood inference rule” used
by Struss and Dressler [18] are examples of additional rules that incorporate
fault models, that is, that incorporate a description of the behavior
exhibited by the components when they fail. The “circumscribed diagno- 
sis engine” presented by Raiman [16] is another example of an extension 
to reason maintenance systems; it enables the generation of assertions not 
only from differences but also from agreements. 


5.2 Inference 

For the second subtask, the inference of component status given the as- 
sertions, sentential logic is sufficient. Previous methods also used reason 
maintenance systems for the inference [8,16,18]. Since first-order logic en- 
compasses sentential logic, those approaches worked. But the overhead 
costs of using a more general tool can be large. 

There is a correspondence between the approach presented in this pub- 
lication and previous approaches. For example, the minimal diagnosis con- 
cept used in previous work [7] is related to the terms of the minimized form 
of equation K. 

Viewing diagnosis as solving a set of Boolean equations is simpler than 
previous approaches. Many theorems used in those approaches have cor- 
responding theorems in Boolean algebra. With the approach presented in 
this publication, the well-developed machinery of Boolean algebra can be 
directly used for diagnosis. Moreover, a simpler formulation also facilitates 
focusing on the real computational issues. 

Furthermore, the search can be avoided by manipulating the assertions 
symbolically. An analogy can be made between numerical and symbolic 
methods in algebra or calculus, and search and symbolic methods in logic. 
Like numerical methods (e.g., for solving systems of nonlinear equations), 
search methods are robust and quite general. But search methods also 
have drawbacks that are analogous to the large amounts of computation 
and convergence problems of numerical algorithms. Symbolic methods, 
both in calculus and in logic, are not as general, but when they can be used
they are usually more efficient. Appendix B compares search and symbolic
methods for problem solving. 

5.3 Probabilistic analysis 

Probabilistic analysis has also been used in previous research on automatic 
diagnosis [1,3,8,15]. 

Some previous work focused on medical and similar kinds of diagnosis 
where the physical system is not well understood [3,15]. In that work, the 
assertions that can be made from the manifestations have a degree of uncertainty.
Work in this area aims at the generation of plausible hypotheses
taking into account the uncertainty of the assertions.

In other previous work [1,8] which, like this publication, focused on well-understood
physical systems, the goal has been to find a set of measurements,
as small as possible, yet sufficient to diagnose all faults. Entropy
measures were used to assess the amount of information each measure- 
ment can provide. These measures in turn used probabilities of failures 
for individual components. The prospective measurements were ranked in 
decreasing order of the amount of information they can provide. Since 
the actual amount of information provided by a measurement depends on 
the outcome, measurements are actually ranked by the expected (in the 
probabilistic sense) amount of information they will provide. 

While in diagnosis the goal is to have a (as small as possible) set of 
assertions such that the number of terms in equation K' is 1 (i.e., D = 0), 
the goal in monitoring is to direct attention to the parts of the system 
that seem to have problems. For monitoring, no choice of measurements
needs to be made since the sensors are fixed when the system is built. The
probabilistic analysis in monitoring is not aimed at maximizing the amount
of information, which is fixed. It is aimed at refining the probabilities of
failure of individual components. 
6 Conclusion


Diagnostic reasoning can be decoupled into the generation of assertions 
from the sensor readings and the system model, and the manipulation of 
these assertions. The latter can be seen as solving a system of Boolean 
equations. While previous approaches to automatic diagnosis used search, 
the approach presented in this publication consists of solving the system of 
equations symbolically. 

Unlike diagnosis where one can make further measurements until a de- 
cision is made, in selective monitoring the measurements are fixed. Using 
a priori probabilities of component failure and Bayes’ rule, revised proba- 
bilities of failure can be computed. These will indicate what components 
have failed or are the most likely to have failed. The method is robust 
in the sense that even if a priori probabilities are not accurate, if there is 
enough evidence showing that component $c_i$ has failed, the value computed
for $p(c_i|K)$ will be 1.

This approach is suitable for systems that are well understood and for 
which the correctness of the assertions can be guaranteed. Also, the sys- 
tem must be such that assertions can be made from instantaneous mea- 
surements. Furthermore, the system must be such that changes are slow 
enough to allow the computation. 

A number of aspects must be considered in selective monitoring and 
diagnostic reasoning is just one of them. Other aspects include, for exam- 
ple, the ability to anticipate problems or failures and the ability to detect 
abnormal conditions that are not caused by component failures. Future 
work will explore the combination of the technique presented in this publi- 
cation with those of previous work [10,11], and with other techniques such 
as expert systems [14] and neural networks [9]. 
Appendixes


A Digital circuit analysis 

Assertions (10) to (12), (14) to (16), and (18) to (20) introduced in section 
4 can be generated automatically as follows. 

To each sensor node in the circuit, there corresponds an AND/OR graph
in which the OR nodes, which are circular, correspond to nodes in the circuit;
and the AND nodes, which are rectangular, correspond to components.
Figures 3, 4, 5, and 6 show the AND/OR graphs for nodes F, G, X, and Y,
respectively.

For each solution tree of each AND/OR graph, the value of the root can
be computed from the value of the leaves. If the computed value does not
agree with the measurement, one can make the following assertion:

$$d_a + d_b + \cdots + d_h = T$$

where $d_a, d_b, \ldots, d_h$ are the logical variables that indicate the status of the
components corresponding to the AND nodes of the solution tree. This
assertion corresponds to the fact that at least one of the components corresponding
to the AND nodes has failed. If the computed value agrees with
the measurements, one can make the following assertion:

d a ’ df, ■ • • dh + d a • d b • • • dh + • • • + d a • d b • • • d^ = T 

This assertion corresponds to the fact that there cannot be only one failed
component among those corresponding to the AND nodes.
Figure 5: AND/OR graph for node X of the circuit shown in figure 2

Figure 6: AND/OR graph for node Y of the circuit shown in figure 2

B A comparison between search and symbolic manipulation approaches to problem solving

Consider the following problem, borrowed from [5]:

(1) $x \in \{0, 1\}$    (2) $a = e_1(x)$
(3) $y \in \{0, 1\}$    (4) $b = e_1(y)$
(5) $z \in \{0, 1\}$    (6) $c = e_1(z)$
(7) $a \neq b$    (8) $b \neq c$

where the function $e_1$ is very expensive to compute.

The search approach to solve this problem is to enumerate all possibil- 
ities and try each one until a solution is found. Although techniques such 
as chronological backtracking can be used to improve the efficiency of this 
search, this process will typically involve extensive computation. 

The symbolic manipulation approach to solve this problem is to write 
Boolean equations corresponding to conditions (7) and (8) above: 

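$$(x + y) \cdot (\overline{x} + \overline{y}) = T$$

$$(y + z) \cdot (\overline{y} + \overline{z}) = T$$

The conjunction of these equations is also true:

$$(x + y) \cdot (\overline{x} + \overline{y}) \cdot (y + z) \cdot (\overline{y} + \overline{z}) = \overline{x} \cdot y \cdot \overline{z} + x \cdot \overline{y} \cdot z = T$$

Therefore, the problem has two solutions: {x = 0, y = 1, z = 0} and
{x = 1, y = 0, z = 1}.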